Cybersecurity firm Morphisec said it has detected several malicious Word documents that take advantage of a critical Adobe Flash Player bug (CVE-2018-4878) The malicious attachments were able to, for the most part, circumvent AV protection showing a low detection ratio on VirusTotal. Victims who fall for the ploy could ultimately hand over control of their systems to an attacker, according to researchers. An Adobe spokesperson said the majority of exploits are targeting software installations that are not up-to-date on the latest security updates.
Source: https://threatpost.com/massive-malspam-campaign-targets-unpatched-systems/130136/